package com.demo;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Scanner;

public class Test {

    public static void main(String[] args) {
//        login();
//        loginSafety();
        loginSafety2();
    }

    /**
     * 防止sql注入
     */
    private static void loginSafety() {
        try {
            //        1.从键盘接受用户输入的用户名和密码
            Scanner scanner = new Scanner(System.in);
            // 输入的用户名和密码用 , 隔开      zhsh,123,wee
            String srcData = scanner.nextLine();
            String[] split = srcData.split(",", 2);
            String user = split[0];
            String psd = split[1];
            //        2，将收到的用户名和密码在数据库中验证
            Connection conn = Utils.getConn();
            String sql = "select user from user where user=? and psd=?";
            PreparedStatement statement = conn.prepareStatement(sql);
            statement.setString(1, user);
            statement.setString(2, psd);
            ResultSet resultSet = statement.executeQuery();
            //3，将验证的结果反馈给用户，显式在命令中
            boolean next = resultSet.next();
            if (next){
                System.out.println("登录成功");
            }else {
                System.out.println("登录失败");
            }
        }catch (Exception e){
            e.printStackTrace();
        }finally {
            Utils.close();
        }
    }

    /**
     * 防止sql注入
     */
    private static void loginSafety2() {
        try {
            //        1.从键盘接受用户输入的用户名和密码
            Scanner scanner = new Scanner(System.in);
            // 输入的用户名和密码用 , 隔开      zhsh,123,wee
            String srcData = scanner.nextLine();
            String[] split = srcData.split(",", 2);
            String user = split[0];
            String psd = split[1];
            //        2，将收到的用户名和密码在数据库中验证
            Connection conn = JDBCUtils.getConn();
            String sql = "select user from user where user=? and psd=?";
            PreparedStatement statement = conn.prepareStatement(sql);
            statement.setString(1, user);
            statement.setString(2, psd);
            ResultSet resultSet = statement.executeQuery();
            //3，将验证的结果反馈给用户，显式在命令中
            boolean next = resultSet.next();
            if (next){
                System.out.println("登录成功");
            }else {
                System.out.println("登录失败");
            }
        }catch (Exception e){
            e.printStackTrace();
        }finally {
            JDBCUtils.close();
        }
    }

    /**
     *  sql注入
     *  模拟登录  验证用户名 密码
     */
    public static void login(){
        try {
            //        1.从键盘接受用户输入的用户名和密码
            Scanner scanner = new Scanner(System.in);
            // 输入的用户名和密码用 , 隔开      zhsh,123,wee
            String srcData = scanner.nextLine();
            String[] split = srcData.split(",", 2);
            String user = split[0];
            String psd = split[1];
            //        2，将收到的用户名和密码在数据库中验证
            Statement statement = Utils.getStatement();
            String sql = "select user from user where user='"+user+"' and psd='"+psd+"'";
            System.out.println("执行的sql语句是："+sql);
            ResultSet resultSet = statement.executeQuery(sql);
            //3，将验证的结果反馈给用户，显式在命令中
            boolean next = resultSet.next();
            if (next){
                System.out.println("登录成功");
            }else {
                System.out.println("登录失败");
            }
        }catch (Exception e){
            e.printStackTrace();
        }finally {
            Utils.close();
        }
    }
}
